Who Are the Privacy and Security Cops on the Beat? (Part 3)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, October 13, 2014

Are privacy and security laws being enforced effectively? In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA) which is enforced by two agencies plus private rights of action.

The Privacy Pillory and the Security Rack: The Enforcement Toolkit (Part 2)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Thursday, October 09, 2014

Are privacy and security laws being enforced effectively? What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Why Enforce Privacy and Security Laws? (Part 1 of a new series)

Daniel J. Solove by Daniel Solove, TeachPrivacy
Tuesday, October 07, 2014

How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts? I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”

Home Improvement or Guide to Cloud Migrations?

Scott Andersen by Scott Andersen, CGI
Monday, October 06, 2014

Recently I was watching a home improvement show and it struck me that home improvement design questions and questions we should ask our cloud provider are often quite similar.

SafeGov Releases Results of Global Parents Surveys Relating to Student Online Privacy

Jeff Gould by Jeff Gould, SafeGov.org
Wednesday, September 17, 2014

Surveys of nearly 5,500 parents in 11 countries around the world, including Europe, Asia and North America, show that parents have high hopes for the contribution that Internet applications can make to their children’s education, especially when it comes to acquiring skills relevant to the modern global economy. At the same time, the vast majority of parents worry that internet companies are tracking and profiling their children’s online activities at school for advertising purposes, and they want such practices banned. Specifically, parents want stronger government regulations against online data mining in schools that isn’t directly related to improving academic performance, and they want schools to forbid such practices. The findings are based on a series of surveys conducted between 2012 and 2014 for SafeGov aimed at capturing global parents’ views on the benefits and risks of proliferating in-school access to internet applications such as email, document creation and group collaboration.

The Value of the Broker Model

Scott Andersen by Scott Andersen, CGI
Tuesday, September 16, 2014

I find it interesting and have the argument frequently about the value of cloud brokers. I tend to be arguing with cloud service providers and argue that there is significant customer value in the cloud broker model. Cloud service providers don’t always see that value and they should.. From their perspective its business as usual and the broker of course changes that. Lately however I am seeing more and more people moving to my side and tipping the argument further. So I have come up with my top ten reasons brokers will be of value in the next two years.

Our Day in Court?

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Friday, September 12, 2014

Something unusual happened in an Oakland federal court this summer. The U.S. Government, concerned that classified national security information had been disclosed in a courtroom crowded with reporters and spectators, asked the court to modify the public record, as though the words had never been said at all, but the government later decided no classified information had been disclosed, so the issue became moot. In a separate federal case, a private company asked another federal judge to remove from the public record possible trade secret information the company’s witness had publicly disclosed, even though a verbatim transcript of the statements had been published on the court’s website. That judge forcefully rejected the company’s attempt to make this information disappear. The parties to these two cases would differ about whether the judges adequately protected their interests in the specific case at issue. But both cases involved alleged intrusive mass surveillance of our private communications, the first by the National Security Agency (NSA) and the second by Google.

Investigating in the Cloud: Challenges for Digital Forensics

Mary DeRosa by Mary DeRosa, The Chertoff Group
Wednesday, September 03, 2014

Law enforcement has made significant progress in working through the policy and technical issues it faces in moving its own data and processes to a cloud environment. Unfortunately, as a recent draft report from the Commerce Department’s National Institute of Standards and Technology (NIST) demonstrates, that is not the only – or even the most significant – problem that cloud computing presents for law enforcement. The report, “NIST Cloud Computing Forensic Science Challenges,” identifies the many and daunting challenges that law enforcement and others face when conducting investigations involving data stored in the cloud. Although the report describes challenges for law enforcement, cloud providers are a key audience for NIST’s work.

Mobile Apps and Privacy for Federal Users: Drawing the Line on “App-Appropriate”

Julie Anderson by Julie Anderson, Civitas Group
Friday, August 15, 2014

The federal mobile device landscape is evolving at a rate faster than ever before. Budget realities have accelerated the adoption of federal telework initiatives and lowered agencies’ reluctance toward bring-your-own-device (BYOD) policies – due to promising cost savings coupled with the growing demand from employees. As a result, agencies today face the daunting task of overseeing a wider assortment of devices, operating systems, and applications – all of which require heightened security and privacy considerations. Within this realm, mobile apps are a promising contribution toward improving productivity, efficiency, and customer service in the federal workforce. Some agencies have already begun rolling out or approving mobile app tools for their employees to use for job-related functions. In addition, other agencies are leveraging public-facing apps to engage constituents such as emergency alerts or newsfeeds. But as agencies approve the use of apps hosted on common commercial market operating systems – such as Google’s Android or Apple’s iOS – how these larger consumer-focused companies set up or utilize application data should be of increasing concern. The federal shift to BYOD and mobile apps must not come at the expense of privacy.

The Seasons of Cloud

Scott Andersen by Scott Andersen, CGI
Thursday, August 07, 2014

Many organizations have interesting peaks and valleys in their compute needs. Some have periods of significant intensity followed later by great periods of lots of spinning disk but no real business need for all the capacity. That is often called Seasonality. It’s an interesting problem to consider from a customer viewpoint.